Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR] integrated NAT64 translation for outbound packets (e.g. when DNS64 in use) #721

Open
eqvinox opened this issue Jul 23, 2022 · 1 comment
Open

[FR] integrated NAT64 translation for outbound packets (e.g. when DNS64 in use) #721

eqvinox opened this issue Jul 23, 2022 · 1 comment

Comments

@eqvinox
Copy link
Contributor

eqvinox commented Jul 23, 2022

Current behavior
This is loosely related to the dns64 module (and its dns64-prefix config option). The existing behavior of this module should not change, it's really an independent feature, just in the same ballpark area.

Describe the desired feature
When unbound is running in a NAT64/DNS64 scenario, it may not actually have IPv4 connectivity itself (i.e. be behind the same NAT64.) In this case, any domain that has solely IPv4 NS will fail to resolve, since unbound is trying to reach it over IPv4.

An option to make unbound internally translate its outgoing packets from IPv4 to the NAT64 prefix would make this work nicely. This would be optional behavior enabled with a switch somewhere; it could use the dns64-prefix option as default, or have its own prefix setting.

(I checked out the unbound source and looked around, but the code base is too complex for me to figure out how to add this feature, sorry.)

Potential use-case
The use case for this is running a validating recursor on devices inside a NAT64 domain. Might be a larger network with one fat NAT64 gateway but with a desire for distributing/splitting out recursors. Might be a laptop with a local recursor.
eqvinox added a commit to eqvinox/unbound that referenced this issue Jul 23, 2022
@eqvinox
NAT64 support
7fa39d6 
This implements NLnetLabs#721.  It's not really polished but does work.

TODO:
- clean up code formatting
- make NAT64 prefix configurable instead of hardcoding it
@eqvinox eqvinox mentioned this issue Jul 23, 2022
Merged
eqvinox added a commit to eqvinox/unbound that referenced this issue Nov 5, 2022
@eqvinox
NAT64 support
a4bfae5 
This implements NLnetLabs#721.  It's not really polished but does work.

TODO:
- clean up code formatting
- make NAT64 prefix configurable instead of hardcoding it
eqvinox added a commit to eqvinox/unbound that referenced this issue Nov 5, 2022
@eqvinox
NAT64 support
3c93de1 
This implements NLnetLabs#721.  Includes documentation and some very basic tests.
Please refer to doc for further detail.
eqvinox added a commit to eqvinox/unbound that referenced this issue Nov 7, 2022
@eqvinox
NAT64 support
64fb06f 
This implements NLnetLabs#721.  Includes documentation and some very basic tests.
Please refer to doc for further detail.
@agowa
Copy link

agowa commented Nov 26, 2022

Ran into this issue today too. Thanks for the PR, hope it gets merged soon.

@agowa agowa mentioned this issue Dec 30, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eqvinox @agowa